Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(175)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 333033: X509CertificateNSS::Verify should honor the VERIFY_REV_CHECKING_ENABLED... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/pickle.h" 5 #include "base/pickle.h"
6 #include "net/base/cert_status_flags.h" 6 #include "net/base/cert_status_flags.h"
7 #include "net/base/cert_verify_result.h" 7 #include "net/base/cert_verify_result.h"
8 #include "net/base/net_errors.h" 8 #include "net/base/net_errors.h"
9 #include "net/base/x509_certificate.h" 9 #include "net/base/x509_certificate.h"
10 #include "testing/gtest/include/gtest/gtest.h" 10 #include "testing/gtest/include/gtest/gtest.h"
(...skipping 658 matching lines...) Expand 10 before | Expand all | Expand 10 after
669 reinterpret_cast<const char*>(paypal_null_der), 669 reinterpret_cast<const char*>(paypal_null_der),
670 sizeof(paypal_null_der)); 670 sizeof(paypal_null_der));
671 671
672 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert); 672 ASSERT_NE(static_cast<X509Certificate*>(NULL), paypal_null_cert);
673 673
674 const X509Certificate::Fingerprint& fingerprint = 674 const X509Certificate::Fingerprint& fingerprint =
675 paypal_null_cert->fingerprint(); 675 paypal_null_cert->fingerprint();
676 for (size_t i = 0; i < 20; ++i) 676 for (size_t i = 0; i < 20; ++i)
677 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]); 677 EXPECT_EQ(paypal_null_fingerprint[i], fingerprint.data[i]);
678 678
679 #if defined(OS_WIN)
680 // TODO(wtc): The Linux try bots still have NSS 3.12.0. They need to be
681 // updated to NSS 3.12.3.1 or later. Also, nss_ocsp.cc asserts that the
682 // current thread is a worker thread in our thread pool and therefore has
683 // no message loop. That assertion is overly strict.
684 int flags = 0; 679 int flags = 0;
685 CertVerifyResult verify_result; 680 CertVerifyResult verify_result;
686 int error = paypal_null_cert->Verify("www.paypal.com", flags, 681 int error = paypal_null_cert->Verify("www.paypal.com", flags,
687 &verify_result); 682 &verify_result);
688 EXPECT_NE(OK, error); 683 EXPECT_NE(OK, error);
689 // Either the system crypto library should correctly report a certificate 684 // Either the system crypto library should correctly report a certificate
690 // name mismatch, or our certificate blacklist should cause us to report an 685 // name mismatch, or our certificate blacklist should cause us to report an
691 // invalid certificate. 686 // invalid certificate.
687 #if defined(OS_WIN)
688 // TODO(wtc): The Linux try bots still have NSS 3.12.0. They need to be
689 // updated to NSS 3.12.3.1 or later.
692 EXPECT_NE(0, verify_result.cert_status & 690 EXPECT_NE(0, verify_result.cert_status &
693 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID)); 691 (CERT_STATUS_COMMON_NAME_INVALID | CERT_STATUS_INVALID));
694 #endif 692 #endif
695 } 693 }
696 694
697 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We 695 // Tests X509Certificate::Cache via X509Certificate::CreateFromHandle. We
698 // call X509Certificate::CreateFromHandle several times and observe whether 696 // call X509Certificate::CreateFromHandle several times and observe whether
699 // it returns a cached or new X509Certificate object. 697 // it returns a cached or new X509Certificate object.
700 // 698 //
701 // All the OS certificate handles in this test are actually from the same 699 // All the OS certificate handles in this test are actually from the same
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
790 788
791 policy.Allow(webkit_cert.get()); 789 policy.Allow(webkit_cert.get());
792 790
793 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED); 791 EXPECT_EQ(policy.Check(google_cert.get()), X509Certificate::Policy::DENIED);
794 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED); 792 EXPECT_EQ(policy.Check(webkit_cert.get()), X509Certificate::Policy::ALLOWED);
795 EXPECT_TRUE(policy.HasAllowedCert()); 793 EXPECT_TRUE(policy.HasAllowedCert());
796 EXPECT_TRUE(policy.HasDeniedCert()); 794 EXPECT_TRUE(policy.HasDeniedCert());
797 } 795 }
798 796
799 } // namespace net 797 } // namespace net
OLDNEW
« no previous file with comments | « net/base/x509_certificate_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698